1. Field of the Invention
This invention relates to a security card and system for reducing credit card fraud.
2. Description of the Related Art
Credit-card fraud is an increasingly large problem. Stolen or misplaced credit cards are frequently misused. Standard credit cards, bank cards (debit cards) and stored value cards are memory cards with a magnetic stripe affixed to the surface or have a chip built into the card, and are inexpensive and easy to produce. All of these cards can be used at automated teller machine (ATMs) to make transactions between accounts or make cash withdrawals/advances or to make purchases at a given point of sale (POS). Standard credit cards that are used to charge purchases can often be used by consumers over the telephone or in a written purchase without actually presenting the card, but most in-person credit purchases and ATM uses require possession and use of the actual card, and in the case of an ATM in the United States and in all cases in the United Kingdom, possession and use of the correct personal identification number (PIN), which enables access to cash at automated teller machines (ATMs) located in millions of locations around the world.
When credit cards are used at an ATM, the credit card owner runs the credit card through the ATM card reader for identification and authentication of the account to be accessed. The information contained on the magnetic stripe or chip is minimal, often only a name, social security number, account number and address. What the card reader is looking for is the encoded key for authentication purposes. When the card is read, a message goes to the host (for example, Visa, MasterCard, etc.) for authentication. Once the host has the encrypted code it sends a challenge to the user (ATM). The correct response to the challenge is the PIN associated with the account that the person is trying to access. Both the initial transmission of the encoded key (PIN) that is to open the account and the challenge and response messages are hidden deep within the encrypted code that consists of an algorithm. If the user does not know the correct PIN for the card associated with the account the user is trying to access, often the system will allow more than one attempt at entering the correct PIN. Once the preset limit of incorrect PIN entries is met, the card is "captured" by the ATM and not returned to the user. This process is an "on-line" transaction, meaning that the card is being authenticated in real time before the transaction can be completed.
When credit cards are used at a store that is on-line, the process is exactly the same if a PIN number is used to authenticate the transaction. Many points of sale, however, do not require the individual presenting the card to enter a PIN number when making a purchase, thereby completing the transaction on faith that the individual presenting the credit card is actually the owner of the credit card and the account associated with the card. At a POS, often cards are read to see if the card has credit/value remaining and not for authentication. If the card has been reported stolen, and is on the system, it is at this point that the card reader can inform the POS of the status of the card. It is now the responsibility of the POS to either retain the card or allow an illegal transaction.
When credit cards are used at a small shop that is not on-line, but which later uploads the information from a reader from the off-line site, the POS has taken all transactions on faith that cards used to purchase goods or services did in fact belong to the individuals presenting the card and that the card did in fact have credit/value remaining to cover the cost of the transaction. Only after uploading all transactions at the end of the day or week or other time interval, will the POS discover which cards were legitimate and which were beyond their limit or were stolen.
In addition to the straightforward theft of credit cards themselves, thieves often steal PINs. Through "shoulder-surfing" (looking over the shoulder of a credit card user at an ATM), video surveillance by unauthorized cameras positioned within viewing distance of ATMs, and strong-arm robbery by persons seeking access to the account of a card-holder and through sharing of PINs and by card-owners carrying cards and PINs together, and through other means, the current credit card system is easily corrupted. Consumers are often desperately afraid to go to an ATM site because of the high likelihood of robbery during the time period of their approach to, utilization of, and departure from, an ATM site.
Through lack of knowledge or through carelessness, consumers often unwittingly assist the thieves by their behavior at the ATM or by their time of use of the ATM. Some consumers even write their PIN on the back of their credit cards so that they can remember it, but of course the number is then easily available to any thief. Any type of system that depends on a password or secret number depends on the ability to keep the secret information a secret.
Other thieves install bogus ATM machines that are simply computer terminals whereby people are induced to enter their credit card numbers, thereby providing a copy of all information contained on the card and the PIN not knowing that they are not using a real ATM but are using an inauthentic host. With that knowledge, credit card thieves who know the PIN can make multiple copies of the credit/debit card and access the funds from numerous locations, confounding the authorities' efforts to stop the crime.
There have been many efforts to try to reduce the amount of credit/debit card-related theft because this theft harms both the credit companies, and the legitimate credit card owners, who must pay more for the privilege of having a credit card to help offset the amount stolen each year. One basic step is to educate consumers so that all information about their credit/debit cards is kept secure.
There are a number of current technologies to try to solve these problems, which, although often clever, do not stand up to the "strong-arm tactics" of thieves. For example, solutions involving cryptography have been developed for user authentication. Such systems authenticate a user based on the knowledge or possession of a cryptographic key. Such systems require the user to have access to or to have memorized a key to be able to access a particular system, but there is no method provided to keep unauthorized users from obtaining the key by subterfuge or force.
Criminals desiring to utilize credit/debit cards for which there are hand-held password generators that require the use of a PIN, can, through might or cunning, obtain the PIN from the legitimate consumer along with the password generator itself, and thus, the cash. These devices have the inconvenience of requiring the consumer to carry the generator and to memorize the PIN, or to risk carrying the written PIN with them.
Another example of a current technology which can be very unsafe is "biometrics" in which the legitimate credit card user is recognized by a biological characteristic, for example, fingerprints, finger measurement, retinal/iris scan, or voice recognition. In each case, the serious criminal can subvert the system and/or there are serious drawbacks to use of the system. In the ease of fingerprints, the finger which is scanned by the duped ATM can be the finger of a coerced credit-card owner, or a dead credit-card owner. Many consumers are also reluctant to be finger-printed, fearing that the information will go into a police file somewhere. In the case of finger measurements, a frozen finger measures the same as a live finger. In the case of retinal scans, consumers are afraid of retinal scanner malfunction and resultant damage to the eye. Voice recognition equipment has advanced to the point where an individual's voice can be correctly identified under several different circumstances, even under extreme stress or duress. The problem with voice recognition is the same with all biometric authentication, which is that the user can be coerced into using parts or characteristics of the user's body to access secured areas, whether they be personal accounts or bank vaults.
Other systems designed to meet this problem include THE PANIC BUTTON.TM. made by Statsignal Systems, which consists of a radio transmitter contained in a hand-held key fob, which is essentially designed as a personal security system rather than to prevent credit card problems. In this system, there is a receiver inside the ATM facility and a modem connected to the 911 emergency response telephone network. Information on the owner's name, address, make of car and location from which the alarm is sounded is passed to the police. This system takes 18-20 seconds to identify the caller and then calls the 911 number. There is no guarantee that the call will go through, nor is there an estimated response time. The cost is about $500 for a bank to install and about $5 per month for the consumer.
There also are systems for removing one or more portions of the credit card so that the card-owner is not carrying an intact, usable card, but must assemble the completed card to use it. From the very high-tech VAULT CARD.TM. by CardLogix which allows the owner to unlock the card by entering a PIN via buttons on the card itself, to the very low-tech PINCard.TM. by Affinity Actions Ltd. that is nothing more than a grid-type encrypting system that utilizes a paper grid and a clear plastic overlay that when properly aligned decodes the blackened-in squares that correspond to a PIN, every attempt at securing a credit/debit card thus far still relies on the memorization of a PIN or alphanumeric code to keep either the card or the PIN itself secure.
"Smart cards" are the next step in credit/debit/stored value card evolution. They employ a microchip in conjunction with or in place of a magnetic stripe. Because the chip is a microprocessor, it has much greater capacity for the storage of information and is able to make computations that a magnetic strip cannot make. Smart chip/card technology is advancing every day, making the cards able to store more and more information about the user, such as the accounts the user owns, the types of purchases and their frequency. It is the desire of smart card makers to do away with magnetic stripe technology. The problem is that the existing infrastructure is not designed to support the new and changing technology. The card readers of today cannot support a smart chip. A smart chip only needs only to have power applied to it to turn it into the functioning microprocessor that it is. When the card is powered, it is capable of authenticating a user without going to a host in the way a magnetic stripe-based technology does. The smart card essentially determines whether or not a transaction will be allowed to take place. This, however, is its greatest flaw, because now, not only is one source of cash/value accessible, but all functions of the card are able to be utilized or exploited. Even with the increased functionality of smart chip technology, there is still need to for an access key. Again, smart card makers are looking to existing technologies such as cryptology and biometrics to provide the solutions for reducing fraudulent transactions. While these cards are far superior to conventional magnetic stripe-based cards, the common denominator is still the user/abuser. These cards do not have any mechanism for keeping an unauthorized user from forcing the authorized user to use the card, and do not have any mechanism of notifying authorities of unauthorized use or attempts at use.
It is therefore an object of the invention to provide a security card system which builds on existing technology to work actively against fraud and misuse of credit/debit cards, and arms the consumer with the proper tools to be proactive in the prevention of fraud, theft and violence.
It is a further object of the invention to provide a security card system which can be used to serve as a PIN memory aid, an emergency call activator, and a financial access padlock, and can thus give the consumer increased peace of mind.
It is a further object of the invention to provide a security card system which decreases the success rate of the would-be thief who is trying to determine the credit/debit/stored value card owner's PIN.
Other objects and advantages will be more fully apparent from the following disclosure and appended claims.